Commit ab827fb3 authored by Mathias Krause's avatar Mathias Krause Committed by Herbert Xu

crypto: picoxcell - Simplify and harden key parsing

Use the common helper function crypto_authenc_extractkeys() for key
parsing. Also ensure the auth key won't overflow the hash_ctx buffer.

Cc: Jamie Iles <jamie@jamieiles.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: default avatarMathias Krause <mathias.krause@secunet.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 56902781
...@@ -495,45 +495,29 @@ static int spacc_aead_setkey(struct crypto_aead *tfm, const u8 *key, ...@@ -495,45 +495,29 @@ static int spacc_aead_setkey(struct crypto_aead *tfm, const u8 *key,
{ {
struct spacc_aead_ctx *ctx = crypto_aead_ctx(tfm); struct spacc_aead_ctx *ctx = crypto_aead_ctx(tfm);
struct spacc_alg *alg = to_spacc_alg(tfm->base.__crt_alg); struct spacc_alg *alg = to_spacc_alg(tfm->base.__crt_alg);
struct rtattr *rta = (void *)key; struct crypto_authenc_keys keys;
struct crypto_authenc_key_param *param;
unsigned int authkeylen, enckeylen;
int err = -EINVAL; int err = -EINVAL;
if (!RTA_OK(rta, keylen)) if (crypto_authenc_extractkeys(&keys, key, keylen) != 0)
goto badkey; goto badkey;
if (rta->rta_type != CRYPTO_AUTHENC_KEYA_PARAM) if (keys.enckeylen > AES_MAX_KEY_SIZE)
goto badkey; goto badkey;
if (RTA_PAYLOAD(rta) < sizeof(*param)) if (keys.authkeylen > sizeof(ctx->hash_ctx))
goto badkey;
param = RTA_DATA(rta);
enckeylen = be32_to_cpu(param->enckeylen);
key += RTA_ALIGN(rta->rta_len);
keylen -= RTA_ALIGN(rta->rta_len);
if (keylen < enckeylen)
goto badkey;
authkeylen = keylen - enckeylen;
if (enckeylen > AES_MAX_KEY_SIZE)
goto badkey; goto badkey;
if ((alg->ctrl_default & SPACC_CRYPTO_ALG_MASK) == if ((alg->ctrl_default & SPACC_CRYPTO_ALG_MASK) ==
SPA_CTRL_CIPH_ALG_AES) SPA_CTRL_CIPH_ALG_AES)
err = spacc_aead_aes_setkey(tfm, key + authkeylen, enckeylen); err = spacc_aead_aes_setkey(tfm, keys.enckey, keys.enckeylen);
else else
err = spacc_aead_des_setkey(tfm, key + authkeylen, enckeylen); err = spacc_aead_des_setkey(tfm, keys.enckey, keys.enckeylen);
if (err) if (err)
goto badkey; goto badkey;
memcpy(ctx->hash_ctx, key, authkeylen); memcpy(ctx->hash_ctx, keys.authkey, keys.authkeylen);
ctx->hash_key_len = authkeylen; ctx->hash_key_len = keys.authkeylen;
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment